Equifax's credit-monitoring site also reportedly hackable

A new-found vulnerability could let hackers spoof Equifax's credit-monitoring site and siphon off personal information.

Equifax's hack headache appears to be getting worse.

A site Equifax set up to help worried consumers create alerts and freeze accounts after the credit-monitoring firm revealed a massive data breach is also vulnerable to hacking, ZDNet reported Monday. The reported vulnerability comes as the company grapples with the aftershocks of a massive hack that exposed sensitive financial information for as many as 143 million Americans.

A cross-site scripting vulnerability could allow hackers to spoof the site via a malicious link and then siphon off any personal information visitors submit, the CNET sister site reported. Hackers could insert the malicious code in Equifax's web address, tricking the browser into treating the site as secure and displaying the "lock" icon in the browser window, ZDNet reported.

The alleged vulnerability is the latest to dog the company, which revealed Thursday that hackers made off with a treasure trove of financial data from as many as 143 million people in the US, including names, Social Security numbers, birth dates and addresses of customers. Equifax learned about the breach on July 29 but didn't reveal it for more than a month.

Earlier Monday, a pair of prominent US senators sent Equifax CEO Rick Smith a list of detailed questions about the hack, such as what the timeline for the security breach was and when the company became aware of it. Sen. Orrin Hatch, chair of the Senate Finance Committee, and Ron Wyden, a ranking committee member, also asked for information about when authorities and board members were informed of the hack, including three executives who sold shares in the days after the hack was discovered.

Equifax didn't immediately respond to a request for comment.
